/**
 * Produces the hash of the canonical form of the given {@link CanonicalHttpRequest}.
 * <p>
 * The result is meant to be carried as a JWT claim so that the request components can be verified as genuine.
 * The hash only covers what {@code canonicalize} puts into the canonical form.
 *
 * @param request {@link CanonicalHttpRequest} to be canonicalized and hashed
 * @return {@link String} hash suitable for use as a JWT claim value
 * @throws UnsupportedEncodingException if the {@link java.net.URLEncoder} cannot encode the characters of the request's fields
 * @throws NoSuchAlgorithmException if the hashing algorithm does not exist at runtime
 */
public static String computeCanonicalRequestHash(CanonicalHttpRequest request) throws UnsupportedEncodingException, NoSuchAlgorithmException {
    // Call sites that need a request hash go through this method, so the choice of
    // hash function is made in exactly one place and issuer and verifier cannot drift apart.
    final String canonicalForm = canonicalize(request);
    return JwtUtil.computeSha256Hash(canonicalForm);
}
/**
 * Builds and issues a JWT for a request to {@code targetPath}.
 * <p>
 * The token carries issued-at, expiry ({@code JWT_EXPIRY_WINDOW_SECONDS} after issue) and issuer claims,
 * the request claims added by {@code JwtClaimsBuilder.appendHttpRequestClaims}, and the user context added
 * by {@code JwtUserContextBuilder.addUserContextObject}.
 * The request claims are derived from the HTTP method, the path relative to {@code addonBaseUrl} and the
 * merged parameters; nothing in this method feeds a request body or headers into them.
 *
 * @param httpMethod HTTP method of the request; must not be null
 * @param targetPath URI being called; must not be null. Its query string, if any, is merged into the parameters
 * @param addonBaseUrl base URI against which the relative path is extracted; must not be null
 * @param params request parameters. Not null-checked here: a null value with a non-empty query
 *               fails in the {@code HashMap} copy constructor
 * @param issuerId value of the issuer claim. Not null-checked here
 * @param secret secret handed to {@code jwtService.issueJwt}; must not be null. It is not logged by this method
 * @param user optional user whose context is added to the token
 * @return the token returned by {@code jwtService.issueJwt}
 * @throws RuntimeException wrapping an {@link UnsupportedEncodingException} or {@link NoSuchAlgorithmException}
 *                          raised while building the request claims
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    checkArgument(httpMethod != null, "HttpMethod argument cannot be null");
    checkArgument(targetPath != null, "URI argument cannot be null");
    checkArgument(addonBaseUrl != null, "base URI argument cannot be null");
    checkArgument(secret != null, "secret argument cannot be null");

    // One clock read, so issued-at and expiry are consistent with each other.
    final long issuedAtSeconds = TimeUtil.currentTimeSeconds();
    JwtJsonBuilder claims = jwtBuilderFactory.jsonBuilder()
            .issuedAt(issuedAtSeconds)
            .expirationTime(issuedAtSeconds + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    try {
        final Map<String, String[]> mergedParams;
        if (StringUtils.isEmpty(targetPath.getQuery())) {
            mergedParams = params;
        } else {
            // Copy first so the caller's map is never modified. Entries from the target's query
            // replace same-named entries in params (putAll semantics).
            mergedParams = new HashMap<>(params);
            mergedParams.putAll(constructParameterMap(targetPath));
        }

        final String method = httpMethod.toString();
        CanonicalHttpUriRequest canonicalRequest =
                new CanonicalHttpUriRequest(method, extractRelativePath(targetPath, addonBaseUrl), "", mergedParams);

        // NOTE(review): the canonical form presumably includes parameter names and values; confirm
        // debug logs are not kept anywhere that sensitive parameters would be a problem.
        log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(canonicalRequest));
        JwtClaimsBuilder.appendHttpRequestClaims(claims, canonicalRequest);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        // Neither failure is something a caller can recover from; keep the cause attached.
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(claims, user);
    return jwtService.issueJwt(claims.build(), secret);
}
/**
 * Issues a JWT that binds the caller's identity and a short lifetime to one specific request.
 * <p>
 * Claims set here: issued-at (current time in seconds), expiry (issued-at plus
 * {@code JWT_EXPIRY_WINDOW_SECONDS}) and issuer. The request claims come from
 * {@code JwtClaimsBuilder.appendHttpRequestClaims} and the user context from
 * {@code JwtUserContextBuilder.addUserContextObject}.
 *
 * @param httpMethod HTTP method of the request; null is rejected by {@code checkArgument}
 * @param targetPath URI being called; null is rejected. A non-empty query string is merged into {@code params}
 * @param addonBaseUrl base URI used to compute the relative path; null is rejected
 * @param params request parameters. There is no null check: with a non-empty query a null map
 *               fails when it is copied into a {@code HashMap}
 * @param issuerId issuer claim value. There is no null check
 * @param secret secret passed on to {@code jwtService.issueJwt}; null is rejected
 * @param user optional user for the user-context claim
 * @return the token produced by {@code jwtService.issueJwt}
 * @throws RuntimeException if building the request claims raises an {@link UnsupportedEncodingException}
 *                          or a {@link NoSuchAlgorithmException}; the original exception is the cause
 */
public String encodeJwt(HttpMethod httpMethod, URI targetPath, URI addonBaseUrl, Map<String, String[]> params, String issuerId, String secret, Optional<UserProfile> user) {
    // Fail fast on the arguments this method dereferences or hands to the signer.
    checkArgument(!(null == httpMethod), "HttpMethod argument cannot be null");
    checkArgument(!(null == targetPath), "URI argument cannot be null");
    checkArgument(!(null == addonBaseUrl), "base URI argument cannot be null");
    checkArgument(!(null == secret), "secret argument cannot be null");

    final long now = TimeUtil.currentTimeSeconds();
    JwtJsonBuilder tokenJson = jwtBuilderFactory.jsonBuilder()
            .issuedAt(now)
            .expirationTime(now + JWT_EXPIRY_WINDOW_SECONDS)
            .issuer(issuerId);

    Map<String, String[]> requestParams = params;
    try {
        final boolean targetHasQuery = !StringUtils.isEmpty(targetPath.getQuery());
        if (targetHasQuery) {
            // Work on a copy: the caller's map stays untouched, and parameters parsed from the
            // target URI overwrite entries with the same name.
            Map<String, String[]> combined = new HashMap<>(params);
            combined.putAll(constructParameterMap(targetPath));
            requestParams = combined;
        }

        CanonicalHttpUriRequest signedRequest = new CanonicalHttpUriRequest(
                httpMethod.toString(),
                extractRelativePath(targetPath, addonBaseUrl),
                "",
                requestParams);

        // Only the canonical request is written to the debug log; the secret never is.
        // NOTE(review): the canonical form likely carries parameter values; verify that is
        // acceptable for wherever debug output ends up.
        log.debug("Canonical request is: " + HttpRequestCanonicalizer.canonicalize(signedRequest));
        JwtClaimsBuilder.appendHttpRequestClaims(tokenJson, signedRequest);
    } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
        throw new RuntimeException(e);
    }

    JwtUserContextBuilder.addUserContextObject(tokenJson, user);

    final String claimsJson = tokenJson.build();
    return jwtService.issueJwt(claimsJson, secret);
}